{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20281", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2024-10-10T19:15:13.247Z", "datePublished": "2025-06-25T16:11:42.285Z", "dateUpdated": "2025-06-26T13:25:40.942Z"}, "containers": {"cna": {"title": "Cisco ISE API Unauthenticated Remote Code Execution Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6", "name": "cisco-sa-ise-unauth-rce-ZAd2GnJ6"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-ise-unauth-rce-ZAd2GnJ6", "discovery": "EXTERNAL", "defects": ["CSCwo99449"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "cwe", "cweId": "CWE-74"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "versions": [{"version": "3.3.0", "status": "affected"}, {"version": "3.3 Patch 2", "status": "affected"}, {"version": "3.3 Patch 1", "status": "affected"}, {"version": "3.3 Patch 3", "status": "affected"}, {"version": "3.4.0", "status": "affected"}, {"version": "3.3 Patch 4", "status": "affected"}, {"version": "3.4 Patch 1", "status": "affected"}, {"version": "3.3 Patch 5", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-06-25T16:29:12.361Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-26T03:55:25.441371Z", "id": "CVE-2025-20281", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T13:25:40.942Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-20281", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-26T03:55:25.441371Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T13:25:37.306Z"}}], "cna": {"title": "Cisco ISE API Unauthenticated Remote Code Execution Vulnerability", "source": {"defects": ["CSCwo99449"], "advisory": "cisco-sa-ise-unauth-rce-ZAd2GnJ6", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "versions": [{"status": "affected", "version": "3.3.0"}, {"status": "affected", "version": "3.3 Patch 2"}, {"status": "affected", "version": "3.3 Patch 1"}, {"status": "affected", "version": "3.3 Patch 3"}, {"status": "affected", "version": "3.4.0"}, {"status": "affected", "version": "3.3 Patch 4"}, {"status": "affected", "version": "3.4 Patch 1"}, {"status": "affected", "version": "3.3 Patch 5"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6", "name": "cisco-sa-ise-unauth-rce-ZAd2GnJ6"}], "descriptions": [{"lang": "en", "value": "A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-74", "description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-06-25T16:29:12.361Z"}}}, "cveMetadata": {"cveId": "CVE-2025-20281", "state": "PUBLISHED", "dateUpdated": "2025-06-26T13:25:40.942Z", "dateReserved": "2024-10-10T19:15:13.247Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2025-06-25T16:11:42.285Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "F1B9C2C1-59A4-49A0-9B74-83CCB063E55D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*", "matchCriteriaId": "DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*", "matchCriteriaId": "E6C94CC4-CC08-4DAF-A606-FDAFC92720A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*", "matchCriteriaId": "BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*", "matchCriteriaId": "FF8B81A6-BF44-4E5F-B167-39F61DDCA026", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*", "matchCriteriaId": "56E0F0EC-3E66-4866-89F5-89B331F3F517", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "D23905E0-E525-49B1-8E5F-4EB42D186768", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*", "matchCriteriaId": "74509498-38EF-4345-9583-CEF5C26CA1D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "3CA3315D-8A45-43F4-A0F0-094D325F285B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*", "matchCriteriaId": "B3736136-9FD8-4B12-B119-EA15201224D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*", "matchCriteriaId": "654ED77E-22D3-4E76-9E6D-B1581F5982F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*", "matchCriteriaId": "A0648EE9-F042-479F-9AAB-C6B5DBC46511", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*", "matchCriteriaId": "83F3BA58-4F38-41C8-956F-38A2F44EECE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*", "matchCriteriaId": "6C30FA1D-91E2-48C5-B181-A88FDF668278", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "CC0525FD-C4D7-4B48-BF35-1791391AB148", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*", "matchCriteriaId": "68C96F6B-51EE-4D03-9598-CBFD16DA22EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device."}, {"lang": "es", "value": "Una vulnerabilidad en una API espec\u00edfica de Cisco ISE y Cisco ISE-PIC podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario en el sistema operativo subyacente como root. El atacante no necesita credenciales v\u00e1lidas para explotar esta vulnerabilidad. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la informaci\u00f3n proporcionada por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud de API manipulada. Una explotaci\u00f3n exitosa podr\u00eda permitirle obtener privilegios de root en un dispositivo afectado."}], "id": "CVE-2025-20281", "lastModified": "2025-06-26T20:35:07.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@cisco.com", "type": "Primary"}]}, "published": "2025-06-25T16:15:26.017", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "psirt@cisco.com", "type": "Primary"}]}

{}